NVD

Id
20473  
Name
CVE-2016-5134  
Description
net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:N/A:N)  
Pub Date
2017-01-19  
Published
2016-07-23  
Modified Date
2016-11-28  
Seq
2016-5134  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
111989 20473 CVE-2016-5134 http://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html  View
111990 20473 CVE-2016-5134 openSUSE-SU-2016:1865  View
111991 20473 CVE-2016-5134 openSUSE-SU-2016:1868  View
111992 20473 CVE-2016-5134 openSUSE-SU-2016:1869  View
111993 20473 CVE-2016-5134 openSUSE-SU-2016:1918  View
111994 20473 CVE-2016-5134 RHSA-2016:1485  View
111995 20473 CVE-2016-5134 DSA-3637  View
111996 20473 CVE-2016-5134 92053  View
111997 20473 CVE-2016-5134 USN-3041-1  View
111998 20473 CVE-2016-5134 https://codereview.chromium.org/1996773002  View
111999 20473 CVE-2016-5134 https://crbug.com/593759  View
112000 20473 CVE-2016-5134 VU#877625  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
3303 JVNDB-2016-004076 Google Chrome のプロキシ自動設定機能の net/proxy/proxy_service.cc における認証情報を取得される脆弱性 Google Chrome のプロキシ自動設定 (PAC) 機能の net/proxy/proxy_service.cc は、URL 情報がスキーム、ホスト、およびポートに制限されていることを確認しないため、認証情報を取得される脆弱性が存在します。 CVE-2016-5134 91640 CVE-2016-5134 20473 4.3 8.8 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-004076.html 2016-07-20 2016-10-28 View